CVE-2004-2763

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-2763
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
http://www.kb.cert.org/vuls/id/867593 US Government Resource
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf Exploit
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
Information

Published : 2009-06-01 15:30

Updated : 2009-06-01 21:00

NVD link : CVE-2004-2763

Mitre link : CVE-2004-2763

JSON object : View

CWE
CWE-16

Configuration

Advertisement

dedicated server usa
Products Affected

sun

  • iplanet_web_server
  • one_web_server